Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Calibre\-Web
(Calibre\-Web_project)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 18 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-03-07 | CVE-2022-0767 | Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | Calibre\-Web | 9.9 | ||
2022-03-07 | CVE-2022-0766 | Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | Calibre\-Web | 9.8 | ||
2022-01-17 | CVE-2021-4171 | calibre-web is vulnerable to Business Logic Errors | Calibre\-Web | 9.8 | ||
2022-01-16 | CVE-2021-4170 | calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Calibre\-Web | 5.4 | ||
2022-01-17 | CVE-2021-4164 | calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) | Calibre\-Web | 8.8 | ||
2021-11-16 | CVE-2021-25965 | In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. | Calibre\-Web | 8.8 | ||
2021-10-04 | CVE-2021-25964 | In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered. | Calibre\-Web | 5.4 | ||
2020-05-04 | CVE-2020-12627 | Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. | Calibre\-Web | 9.8 |